(57) Abstract:

PROBLEM TO BE SOLVED: To provide a code 
managing device for a BIOS, and a BIOS chip capable 
of managing a code. 

SOLUTION: A BIOS chip 10 is composed of a first 
flash memory unit 12 for preserving an internal BIOS, a 
second flash memory unit 14 for preserving code 
data, and an integrated code managing device 15 
connected to an external device, the first flash 
memory and the second flash memory. On 
receiving a modifying command, the integrated code 
managing device generates code data and transmits 
the code data to the second flash memory unit for 
preservation. The code data are then enciphered and 
sent to the external device for deciphering. Finally, 
the original code data are compared with the deciphered data, and only when the original 
code data coincide with the deciphered data is modification of the internal BIOS 
permitted. Because the encipherment can be carried out with an asymmetric RSA engine, 
a program that does not hold the corresponding key cannot produce the correct code. 
Therefore, the internal BIOS data are protected from modification by an intruding virus program. 
1. TITLE OF THE INVENTION 

CODE ADMINISTRATION OF BIOS 

2. WHAT IS CLAIMED IS: 

1. A BIOS chip having a code administrator therein for inspecting an input 
modification command from an external device before granting a permission to modify 
internal BIOS data, comprising: 

a first flash memory unit for holding internal BIOS data; 

a second flash memory unit for holding security data; and 

an integrated code administration device connected to the external device, the 
first flash memory unit and the second flash memory unit, wherein the integrated code 
administration device receives the modification command, transmits the security data to 
the second flash memory unit for storage, encrypts the security data to produce 
encrypted data and sends the encrypted data to the external device for decryption; after 
decryption in the external device, the decrypted data is returned to the integrated code 
administration device to compare with the original security data, and if there is a match 
between the said data, internal BIOS data is replaced by the data provided by the 
external device. 

2. The BIOS chip of claim 1, wherein the integrated code administration device 
further includes: 

a host bus connected to the external device for receiving the modification 
command and modification data for the BIOS; 

a micro-controller connected to the host bus for receiving the modification 
command and sending out a request-for-inspection command; 

a random number generator connected to the micro-controller for receiving the 
request-for-inspection command and generating a first random number; and 

a RSA engine, wherein the RSA engine is connected to the random number 
generator and the host bus for receiving the first random number to produce RSA 
encrypted data, the RSA encrypted data are sent to the external device, the external 
device decrypts the encrypted data to produce a second random number, the second 
random number is returned and compared with the first random number, and internal BIOS 
data is replaced by external data only when the first and the second random number 
match. 

3. The BIOS chip of claim 1, wherein the integrated code administration device 
further includes: 

a host bus connected to the external device for receiving the modification 
command and modification data for the BIOS; 

a micro-controller connected to the host bus for receiving the modification 
command and sending out a request-for-inspection command; 

a random number generator connected to the micro-controller for receiving the 
request-for-inspection command and generating a first random number; and 

a data encryption standard (DES) engine, wherein the DES engine is connected 
to the random number generator and the host bus for receiving the first random number 
to produce DES encrypted data, the DES encrypted data are sent to the external device, 
the external device decrypts the encrypted data to produce a second random number, the 
second random number is returned and compared with the first random number, and internal 
BIOS data is replaced by external data only when the first and the second random 
number match. 

4. A code administration method for checking the validity of a request from an 
external device for modifying the internal BIOS data before granting an actual 
permission for the modification, comprising the steps of: 

storing data for modifying the BIOS in registers; 

generating a random code and storing the random code; 

encrypting the random code to produce encrypted data; 

sending the encrypted data to the external device; 

decrypting the encrypted data in the external device; 

comparing the original random code with the decrypted data to check for 
conformity; 

granting the modification of internal BIOS data when there is a match between 
the decrypted data and the random code; and 

rejecting any modification to internal BIOS data when there is a mismatch 
between the decrypted data and the random code. 

5. The method of claim 4, wherein the step of producing the random code 
includes using a random number generator. 

6. The method of claim 4, wherein the step of encrypting the random code to 
produce encrypted data includes using a RSA engine. 

7. The method of claim 4, wherein the step of encrypting the random code to 
produce encrypted data includes using a data encryption standard (DES) engine. 



3. DETAILED DESCRIPTION OF THE INVENTION 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention relates to a basic input/output system (BIOS). More 
particularly, the present invention relates to code administration inside a BIOS. 


2. Description of the Related Art 

In general, after a personal computer is turned on, the central processing unit 
(CPU) within the personal computer will carry out a sequence of commands 
automatically. The operations carried out by these commands can be roughly 
classified into three major types, namely: 

1. Commands that perform a system configuration analysis. In the system 
configuration analysis, information regarding the CPU type, memory size, software and 
hardware type and quantities, any floating point computation device and so on of the 
computer system are determined. Such information can be used as a reference in 
subsequent actions. 

2. Commands that perform a power on self test (POST). In the POST, the 
hardware states of memory units, chipsets, CMOS, storage devices, keyboard and magnetic 
disk drives are checked. If any errors are discovered, those errors are reported back 
to the user. 

3. Commands that load an operating system. Through a small program 
known as a 'bootstrap loader', an operating system (such as MS-DOS or Windows 95/98) 
is found and loaded from a hard disk, for example. Thereafter, control 
is transferred to the operating system, which ends the start-up session. 

All the said commands for starting a computer system are often referred to as the 
basic input/output system (BIOS) program. In short, the BIOS program can be 
regarded as the first program to be executed. If the start-up process is stuck, some 
hardware problem has probably occurred somewhere. To operate the computer 
successfully, these hardware problems must be removed. 

The said BIOS program is generally stored in a flash ROM chip. Flash ROM 
is a type of memory that permits random access and in-system modification of its contents. 
Since data within a flash ROM chip is retained after power off, the flash ROM chip can 
be used to store the start-up program of a personal computer. However, because it is 
reprogrammable, flash ROM is also vulnerable to attack by virus programs, which can 
overwrite the BIOS and cause possibly irreversible system damage. 

SUMMARY OF THE INVENTION 

Accordingly, one object of the present invention is to provide a code 
administrator for BIOS. Using an integrated code administration device, code data 
are generated and stored. An asymmetric RSA engine or a symmetric data 
encryption standard (DES) engine is used to encrypt the code data. The encrypted data 
are transmitted to an external device for decryption. Finally, the decrypted data is returned 
and compared with the original code data. Any modification of BIOS data is permitted only 
after a positive identification is shown in the said comparison. 

A second object of this invention is to provide a BIOS chip having code 
administration capability. The BIOS chip is able to assess the validity of any BIOS 
modification command coming from an external device before granting any permission 
for actual modification of data. 

To achieve these and other advantages and in accordance with the purpose of the 
invention, as embodied and broadly described herein, the invention provides a BIOS 
chip having a code administrator. The BIOS chip includes a first flash memory unit, a 
second flash memory unit and an integrated code administration device. The first flash 
memory unit is a device for holding internal BIOS data. The second flash 
memory unit is a device for holding code data. The integrated code administration 
device is connected to an external device, the first flash memory and the second flash 
memory. After receiving a modification command, the integrated code administration 
device generates code data. A data encryption of the code data is next carried out. 
The encrypted data is sent to the external device for decryption. Finally, the 
original code data and the decrypted data are compared for conformity. Only when the 
original code data and the decrypted data match each other will the permission to 
modify any internal BIOS data be granted. 

The said administration device includes a host bus, a micro-controller, a random 
number generator and a RSA engine or a data encryption standard (DES) engine. The 
host bus is connected to the external device for receiving any modification command 
and modification data for the BIOS. The micro-controller is connected to the host bus 
for receiving any modification command and sending out a request-for-inspection 
command thereafter. The random number generator is connected to the micro- 
controller for receiving the request-for-inspection command and generating a first 
random number thereafter. The RSA engine or the DES engine is connected to the 
random number generator and the host bus for receiving the first random number and 
generating RSA encrypted data or DES encrypted data thereafter. The encrypted 
data is sent to the external device via the host bus. The external device then decrypts 
the encrypted data to produce a second random number. Lastly, the second random 
number is compared with the first random number to check if they match. Only when 
the said comparison is a match will any modification of internal BIOS data be granted. 

This invention also provides a code administration method for checking the 
validity of a request from an external device for modifying the internal BIOS data before 
granting an actual permission for the modification. First, data for modifying the BIOS 
are stored in registers. A random code is generated and stored. The random code is 
then encrypted to produce encrypted data. The encrypted data is sent to the external 
device for decryption. The decrypted data is compared with the original random code 
to check for conformity. If there is a match between the decrypted data and the random code, 
permission for changing BIOS data is granted. If the said comparison does not result 
in a match, modification of BIOS data is rejected. 

The random code can be generated through a random number generator. The 
random code can be encrypted by an asymmetric RSA engine or a symmetric data 
encryption standard (DES) engine. 



It is to be understood that both the foregoing general description and the 
following detailed description are exemplary, and are intended to provide further 
explanation of the invention as claimed. 

DESCRIPTION OF THE PREFERRED EMBODIMENT 

Reference will now be made in detail to the present preferred embodiments of 
the invention, examples of which are illustrated in the accompanying drawings. 
Wherever possible, the same reference numbers are used in the drawings and the 
description to refer to the same or like parts. 

In general, BIOS programs are stored in a flash ROM chip. Since a flash ROM 
chip can be programmed through external commands, the chip is an easy target for 
attack by virus programs, leading to irreparable system malfunction. To prevent any 
illegal tampering with the BIOS program, code data is generated and then the code data is 
encrypted using an asymmetric RSA engine or a data encryption standard (DES) 
engine. The encrypted code data is transmitted to any external device requesting BIOS 
data modification. The encrypted data is decrypted by the external device. The 
decrypted data is transmitted back and compared with the code data. Only when the 
decrypted data and the code data conform to each other will permission for changing 
internal BIOS data be granted. Consequently, BIOS data inside a BIOS chip can have 
a higher level of security. 

Fig. 1 is a sketch showing the code administration system within a BIOS chip 
according to one preferred embodiment of this invention. As shown in Fig. 1, the code 
administration BIOS chip 10 includes a first flash memory unit 12, a second flash 
memory unit 14 and an integrated code administration device 15. The integrated code 
administration device 15 further includes a RSA engine 16, a DES engine 18, a micro- 
controller 20, a random code generator 22, a host bus 24, a ROM unit 26 and an internal 
bus 28. First flash memory unit 12 is used to store internal BIOS data and second 
flash memory unit 14 is used to store code data. 

First, when an external device 30 sends a modification command WE# to the 
BIOS chip 10, the modification command WE# is examined by the code administrator 
inside the BIOS chip. Any data from the external device 30 for modifying the BIOS is 
accepted only on passing the examination. 

On receiving the modification command WE# via the host bus 24, micro- 
controller 20 inside BIOS chip 10 operates to store the modification data in an internal 
register (not shown in the figure). In the meantime, micro-controller 20 also activates 
random code generator 22 to produce a random code N. The random code N is 
transmitted to second flash memory 14 for storage via internal bus 28. At the same 
time, the random code N is encrypted by RSA engine 16 to produce encrypted data 
RSA(N). Alternatively, the random code N is encrypted by DES engine 18 to produce 
encrypted data DES(N). The RSA engine 16 and the DES engine 18 may even be 
used together to encrypt data for improved reliability. 



The encrypted data RSA(N) or the encrypted data DES(N) is passed back to the 
external device 30 through the internal bus 28 and the host bus 24. The external 
device 30 next decrypts the encrypted data RSA(N) or DES(N) to produce decrypted 
data N. Through the host bus 24 and the internal bus 28, the decrypted data N is sent 
back to the BIOS chip 10. The decrypted data N is compared with the random code N 
in the second flash memory 14. If the decrypted data N and the random code N match, 
data for modifying BIOS is input from the external device 30 until the modification 
command WE# is no longer present. On the other hand, if the decrypted data N and 
the random code N do not match, any modification data from the external device 30 is 
rejected. 

The encryption of the code data by the RSA engine 16 to produce the encrypted data 
RSA(N), or by the DES engine 18 to produce the encrypted data DES(N), means that a 
virus program, which does not hold the key needed to decrypt RSA(N) or DES(N), cannot 
recover the correct code N. Hence, any attempt by a virus program to infuse incorrect data 
into the BIOS is bound to fail. Furthermore, the delivery of the encrypted data RSA(N) or 
DES(N) to the external device for decryption, followed by passing back the decrypted data 
to the code administrator for examination, adds another level of security to the internal 
BIOS chip data. 

It will be apparent to those skilled in the art that various modifications and 
variations can be made to the structure of the present invention without departing from 
the scope or spirit of the invention. In view of the foregoing, it is intended that the 
present invention cover modifications and variations of this invention provided they fall 
within the scope of the following claims and their equivalents. 

4. BRIEF DESCRIPTION OF THE DRAWINGS 

The accompanying drawing is included to provide a further understanding of the 
invention, and is incorporated in and constitutes a part of this specification. The 
drawing illustrates embodiments of the invention and, together with the description, 
serves to explain the principles of the invention. In the drawing, 

Fig. 1 is a sketch showing the code administration system within a BIOS chip 
according to one preferred embodiment of this invention. 



ABSTRACT OF THE DISCLOSURE 

A BIOS chip having a code administrator therein. The BIOS chip includes a 
first flash memory unit for holding internal BIOS data, a second flash memory unit for 
holding code data and an integrated code administration device. The integrated code 
administration device is connected to an external device, the first flash memory and the 
second flash memory. After receiving a modification command, the integrated code 
administration device generates code data and transmits it to the second flash memory 
unit for storage. A data encryption of the code data is next carried out. The 
encrypted data is sent to the external device for decryption. Finally, the original 
code data and the decrypted data are compared. Only when the original code data and 
the decrypted data match each other will the permission to modify any internal BIOS 
data be granted. Since the said encryption can be carried out using an asymmetric 
RSA engine, a program without the corresponding key cannot derive the correct code. Hence, 
internal BIOS data is protected against modification through any infiltration by virus programs. 



